diff options
author | Andrew Bartlett <abartlet@samba.org> | 2019-08-27 13:16:18 +1200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-09-04 08:31:25 +0000 |
commit | e019f3a6aac62460ee9768fec4001e00f00f8096 (patch) | |
tree | b1c46742dd3fdaa1577b46a1c637170d0009796b /lib | |
parent | 9b0c30517834da57a436ac6a0bad1fa2c6173849 (diff) | |
download | samba-e019f3a6aac62460ee9768fec4001e00f00f8096.tar.gz |
ldb: Do not read beyond the end of the extended DN component when printing
The print functions used in Samba NULL terminate, but do not assume they will
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
(cherry picked from commit a8a3cef3a768aaff01227dd7b229fb7b3aef926f)
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ldb/common/ldb_dn.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c index b9a414dc566..83f94e3b913 100644 --- a/lib/ldb/common/ldb_dn.c +++ b/lib/ldb/common/ldb_dn.c @@ -871,11 +871,15 @@ char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int } if (i == 0) { - p = talloc_asprintf(mem_ctx, "<%s=%s>", - name, val.data); + p = talloc_asprintf(mem_ctx, "<%s=%.*s>", + name, + (int)val.length, + val.data); } else { - p = talloc_asprintf_append_buffer(p, ";<%s=%s>", - name, val.data); + p = talloc_asprintf_append_buffer(p, ";<%s=%.*s>", + name, + (int)val.length, + val.data); } talloc_free(val.data); |